The Anatomy of an Online Confidence Scam

There is an old saying “A friend in need, is a friend indeed”… but how do you know that “friend” is really your friend when you’re talking to him online? My cousin Chris recently had to ask himself this very question when a cry for help through his Facebook chat window started to smell a little fishy. With his permission, here’s the text from the conversation (keep in mind, “SCAMMER” is a real life friend… not some random person on the internet that stumbled on your AOL username):

03:35:14 SCAMMER: Hey 03:35:26 Chris: sup 03:35:40 SCAMMER: How are you today 03:36:02 Chris: well my friend just died but other than that i’m okay 03:36:20 SCAMMER: Sorry about that 03:36:25 Chris: cancer 03:36:27 SCAMMER: Am in a deep sh** right now 03:36:33 Chris: hows that? 03:36:53 SCAMMER: I was mugged at gun point in london lastnight 03:37:00 Chris: first time? 03:37:09 SCAMMER: those muggers took my wallet and bank card from me 03:37:42 Chris: how much you need? 03:37:51 SCAMMER: am stuck here at the moment 03:38:03 SCAMMER: and i need help with my flight ticket back home 03:38:26 Chris: yeesh, not sure i have that kind of scratch 03:38:49 SCAMMER: I Was wondering if i could get a quick loan from you to complete my ticket fee 03:38:55 SCAMMER: $650 03:39:04 Chris: yeah i definitely dont have that 03:39:08 SCAMMER: I Would refund it back to you as soon as am back home 03:39:24 SCAMMER: How much can you afford to me as we speak 03:39:27 Chris: well 03:39:37 Chris: if you can wait 6 or 8 hours 03:39:51 Chris: me and [EX-COWORKER1] and maybe [EX-COWORKER2] can get that together 03:40:20 SCAMMER: My flight leaves london in less than some hours 03:40:32 SCAMMER: That is why i want to know how much you can afford 03:40:34 Chris: yeah i just paid $2100 in rent 03:41:15 SCAMMER: How much can you afford to me 03:41:18 SCAMMER: Now 03:41:23 Chris: maybe $200 03:41:29 Chris: hang on a sec 03:41:35 SCAMMER: Ok 03:43:18 Chris: is this a business trip? 03:43:35 SCAMMER: I Came here on vacation 03:43:57 SCAMMER: Can you make the it $300 03:44:13 Chris: not if i want to eat in the next couple of days 03:44:37 SCAMMER: i promise to refund it back to you as soon as am back home 03:45:04 SCAMMER: You can have the money to me through western union 03:46:07 Chris: what does [OLD ROOT PASSWD] mean to you 03:46:34 SCAMMER: am freaked out right now man 03:46:43 SCAMMER: so i can’t get what you mean by that 03:46:51 Chris: did you file a police report? 03:47:01 SCAMMER: Yeah 03:47:12 SCAMMER: But is not yielding result 03:47:36 SCAMMER: Cos i was asked to wait till three weeks time before i get my a** out of here 03:47:40 Chris: who is [OLD BOSS] 03:48:13 Chris: what is your flight number / carrier? 03:48:46 SCAMMER: It was in my wallet when those robbers came in 03:48:57 SCAMMER: so there absconded with my wallet 03:49:10 Chris: establish your identity 03:49:29 SCAMMER: SCAMMER 03:49:36 Chris: what’s your paypal addr? 03:49:49 SCAMMER: what do you need that for 03:50:09 Chris: don’t try to scam a scammer, son 03:50:25 SCAMMER: Really 03:51:17 Chris: i think we’re done here. Changed status to Offline (03:51:21)

Now how crazy is that? Real-time chatting with someone who has stolen your friend’s login information and is now trying to get you to send him money. From a scam perspective, my first reaction was “Wow, that’s not very efficient”, because it required one on one interaction with each of your victims… but after thinking about it further, this is how cons have traditionally played out! After doing some quick Googling, turns out it’s working too! Of the first four links I found after searching for “Facebook scam stuck in London” (yeah, they apparently haven’t bothered to update the city they’re stuck in), one had sent them $300. Not too shabby… I mean if you’re into stealing other people’s money from them.

So how does something like this happen? Well, presumably Chris’ friend has fallen for one of the growing number of phishing scams on Facebook (this type of attack could just as easily take place on MySpace) and unknowingly provided these goons with his login credentials. After that, it’s just a sit and wait game. A friend pops online… you hit them up.

Think you would fall for this type of scam? Let me know what you think.

— Dan Thompson

P.S. Special thanks to Chris for letting me steal his thunder a bit. Good stuff!